The present embodiments relate to a data processing system.
The “Internet of Things” (IoT) is a name for a known trend in information technology that refers to various technologies and methods for devices to exchange data via the Internet and other computer networks. Devices that exchange data may be provided with embedded electronic circuitry, software, sensors, actuators, and communication devices providing network connectivity.
A typical IoT system includes a data processing system that is arranged to receive and process data from a plurality of field devices. The data processing system may include a data center and may be implemented as a cloud-based platform.
When a field device requests to connect to the processing system, the data processing system is to decide whether to accept the connection, and whether to accept the data from the field device. For security reasons, but also to control costs and resource consumption, rules to deny certain devices to send data if that is not explicitly wanted are established.
In terms of security, the data processing system is to know certain aspects of the devices that send data (e.g., whether the device that sends data is allowed to do so, whether the device is registered to a known tenant, whether the data that is sent is understandable to the data processing system for processing (by having a known data structure), whether the data may be interpreted (whether the data semantics are known), whether the data is actually wanted to be stored, etc.).
There are some problems in relation to the processing of unknown devices, unknown data, or unknown data structures.
The normal approach is based on a simple authorization challenge, implementing a “yes or no” concept, whereby a field device is simply either permitted or denied to exchange data with the data processing system. This authorization decision is typically based on exchange of a secret such as a certificate, where the field device presents a secret to the data processing system that was formerly generated at the data processing system. When this is the case and the device gains access and may send data, the data is accepted. However, in some cases, a device is not known, and yet it still may be desired to process the data of the device. In that case, the data is lost because the normal simple authorization challenge rejects the attempt immediately.
If a field device connection is accepted, there are still problems if data of the field device cannot be processed or stored (e.g., because the structure or semantics are unknown). Typically, errors are generated, and the data is lost. This lacks a finer grained problem solving mechanism, and the option to correct the problems before data is deleted.
In addition, this solution imposes a cost risk. If all the data is accepted and stored by the platform, this will cause operational cost (e.g., additional storage resources required in a storage database that may be billed by units of gigabytes or similar).